DreamHost Security Issue

A possible security issue has been brought up in the forum at webhostingtalk.com. In some cases it might be possible for other customers on the same server to read files from your web directory and thereby get access to sensitive files including e.g. passwords. Dallas, one of the founders of DreamHost, explains that the issue is minor, and that it’s up to each customer to secure their files appropriately.

Even though DreamHost considers the issue to be minor, they have decided to change the default permissions on user directories. Accounts created within the last three weeks will already have the newer more restrictive permissions. Other accounts will be updated little by little to avoid any undesired side effects.

In case you’re concerned about this issue you can contact support to have the permissions changed immediately.

This entry was posted
on Wednesday, March 7th, 2007 at 13:57 and is filed under DreamHost.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.

3 Responses to “Security Issues”

I had a good experience with Dreamhost regarding the security. I once found an issue which could potentially be very dangerous when combined with upload features of different web apps. I reported that to Dreamhost and they fixed it in a reasonable time and deployed it on all servers. So I am happy in that sense.